The CIO of an enterprise learns the payroll server of a competitor has been the victim of ransomware. To help plan for the possibility of ransomed corporate data, what should be the CIO`s FIRST course of action? 

Answer options:

A. Back up corporate data to a secure location.
B. Develop a policy to address ransomware.
C. Require development of key risk indicators (KRIs).
D. Request a targeted risk assessment.

D